/**
 * Validates an IP address and aborts the request when validation fails.
 *
 * The call inside the body is an unqualified function call, so it resolves to
 * the check_ip() function (defined outside this excerpt), not to this static
 * method. A result loosely equal to 0 is treated as "invalid".
 *
 * @param string $ip address to validate
 */
public static function check_ip($ip)
{
    $verdict = check_ip($ip);
    if ($verdict != 0) {
        return;
    }

    // Validation failed: print the error and stop processing the request.
    echo 'Error validate ip';
    exit;
}
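/**
 * Reports whether the current client passes the admin IP whitelist.
 *
 * Creates the whitelist table if it does not exist yet. An empty whitelist
 * lets everyone through (returns 1); otherwise the number of whitelist rows
 * matching the client address is returned, so 0 means "not whitelisted".
 * A client address that is not a syntactically valid IP is never looked up
 * and yields 0.
 *
 * @return int 1 when the whitelist is empty, else the count of matching rows
 */
public function getTotalIpChecks()
{
    // Declared conditionally: an unconditional nested declaration raises a
    // fatal "cannot redeclare" error the second time this method runs.
    if (!function_exists('check_ip')) {
        function check_ip()
        {
            // NOTE(review): HTTP_CLIENT_IP is a request header and takes
            // precedence over REMOTE_ADDR here, so the whitelist is only as
            // strong as whatever sets or strips that header in front of this
            // application. Confirm the deployment, or rely on REMOTE_ADDR only.
            $ipaddress = 'UNKNOWN';
            if (getenv('HTTP_CLIENT_IP')) {
                $ipaddress = getenv('HTTP_CLIENT_IP');
            } elseif (getenv('REMOTE_ADDR')) {
                $ipaddress = getenv('REMOTE_ADDR');
            }
            return $ipaddress;
        }
    }

    $sql_query = "CREATE TABLE IF NOT EXISTS `" . DB_PREFIX . "admin_ip_whitelist` ( " . " `admin_ip_whitelist_id` int(11) NOT NULL AUTO_INCREMENT, " . " `ip` varchar(15) COLLATE utf8_bin NOT NULL, " . " PRIMARY KEY (`admin_ip_whitelist_id`), " . " KEY `ip` (`ip`) " . ") ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ";
    $this->db->query($sql_query);

    $sql_query = "SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "admin_ip_whitelist` ";
    $query = $this->db->query($sql_query);
    if ((int) $query->row['total'] <= 0) {
        // No entries configured: the whitelist is not enforced.
        return 1;
    }

    $ip = check_ip();

    // The address originates from request data and is concatenated into the
    // query below, so only a value that parses as an IP address (digits, hex
    // letters, dots and colons) is allowed to reach the SQL string.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 0;
    }

    $query = $this->db->query($sql_query . " WHERE ip = '" . $ip . "'");
    return (int) $query->row['total'];
}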
/**
 * Admin page listing the members returned by check_ip() for a searched IP.
 *
 * Access requires a logged-in user holding the 'can_see_ip' right. When the
 * `ip` query parameter is non-empty, one 'mbr' template block is emitted per
 * returned member row; otherwise only an empty search field is set.
 */
protected function main()
{
    $mayViewIps = is_logged_in() && check_auth('can_see_ip');
    if (!$mayViewIps) {
        redir(Nw::$lang['users']['error_cant_see_ip'], false, './');
    }

    $this->load_lang_file('admin');
    $this->set_title(Nw::$lang['users']['check_ip']);
    $this->set_tpl('membres/check_ip.html');
    $this->add_css('forms.css');

    if (empty($_GET['ip'])) {
        Nw::$tpl->set('SEARCH', '');
    } else {
        inc_lib('users/check_ip');
        $members = check_ip($_GET['ip']);

        // NOTE(review): the raw query-string value is handed to the template;
        // confirm the template layer HTML-escapes SEARCH on output.
        Nw::$tpl->set('SEARCH', $_GET['ip']);

        foreach ($members as $member) {
            $row = array(
                'ID' => $member['u_id'],
                'PSEUDO' => $member['u_pseudo'],
                'IDENTIFIER' => $member['u_identifier'],
                // u_ip is converted back to dotted notation for display.
                'LAST_IP' => long2ip($member['u_ip']),
                'GROUP' => $member['g_nom'],
                'ID_ADMIN' => $member['a_admin'],
                'DATE_REGISTER' => $member['date_register'],
            );
            Nw::$tpl->setBlock('mbr', $row);
        }
    }

    // Breadcrumb trail
    $breadcrumb = array(
        Nw::$lang['admin']['fa_admin'] => array('admin.html'),
        Nw::$lang['users']['check_ip'] => array(''),
    );
    $this->set_filAriane($breadcrumb);
}
/**
 * Picks an address for the current client and trims it with ext_iptrim().
 *
 * Candidates are gathered, in this order, from REMOTE_ADDR,
 * HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP (each via getenv() and $_SERVER).
 * The first candidate accepted by check_ip() wins. When none is accepted, a
 * pseudo address "0.b.c.d" is built from _EnvValToInt() of the User-Agent,
 * Accept and Accept-Language values.
 *
 * NOTE(review): the two HTTP_* candidates are request headers, so the result
 * identifies a client only as reliably as those headers do; confirm callers
 * do not use it for access decisions.
 *
 * @param int $dots passed through to ext_iptrim()
 * @return mixed whatever ext_iptrim() returns
 */
function getip($dots = 4)
{
    $candidates = array();
    foreach (array('REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP') as $name) {
        // Both sources are consulted: $_SERVER covers Windows servers on
        // which getenv() does not work.
        $fromEnv = @getenv($name);
        if (!empty($fromEnv)) {
            $candidates[] = $fromEnv;
        }
        if (!empty($_SERVER[$name])) {
            $candidates[] = $_SERVER[$name];
        }
    }

    foreach (array_unique($candidates) as $candidate) {
        if (check_ip($candidate)) {
            return ext_iptrim(trim($candidate), $dots);
        }
    }

    // No usable address: derive a stand-in from other request properties.
    $agentPart = _EnvValToInt('HTTP_USER_AGENT');
    $acceptPart = _EnvValToInt('HTTP_ACCEPT');
    $languagePart = _EnvValToInt('HTTP_ACCEPT_LANGUAGE');

    return ext_iptrim('0.' . $agentPart . '.' . $acceptPart . '.' . $languagePart, $dots);
}
} if ($nodeedit['sippostcode'] && !preg_match('/^\\d{2}-\\d{3}$/', $nodeedit['sippostcode'])) { $error['sippostcode'] = 'Błędny wpis!'; } if (!preg_match('/^[0-9.,\\/]+$/', $nodeedit['permit'])) { $error['permit'] = 'Błędny wpis!'; } else { $tmp = explode(',', $nodeedit['permit']); if (count($tmp) > 3) { $error['permit'] = 'Zbyt duża ilość wpisów!'; } else { $toadd = array(); foreach ($tmp as $val) { $val = trim($val); if (strpos($val, '/') === FALSE) { if (!check_ip($val)) { $error['permit'] = 'Błędny adres IP'; } else { $toadd[] = $val; } } else { $tmp2 = explode('/', $val); $netaddr = getnetaddr($tmp2[0], prefix2mask($tmp2[1])); if (!$netaddr || $tmp2[1] > 32 || $tmp2[1] < 8) { $error['permit'] = 'Błędny adres IP'; } else { $toadd[] = $netaddr . '/' . $tmp2[1]; } } } if (count($toadd) == 1) {
/**
 * Computes the network address for an IPv4 address and netmask.
 *
 * Both arguments must pass their validators (check_ip() and check_mask(),
 * defined elsewhere); the mask is only validated when the address is valid.
 *
 * @param string $ip   address in dotted notation
 * @param string $mask netmask in dotted notation
 * @return string|false network address in dotted notation, or false when
 *                      either argument is rejected
 */
function getnetaddr($ip, $mask)
{
    if (!check_ip($ip) || !check_mask($mask)) {
        return false;
    }

    // Bitwise AND of the numeric forms keeps only the network bits.
    return long2ip(ip2long($ip) & ip2long($mask));
}
} $domain = $DB->GetRow('SELECT id, name, ownerid, description, master, last_check, type, notified_serial, account, mxbackup FROM domains WHERE id = ?', array($id)); $layout['pagetitle'] = trans('Domain Edit: $a', $domain['name']); if (isset($_POST['domain'])) { $olddomain = $domain['name']; $oldowner = $domain['ownerid']; $domain = $_POST['domain']; $domain['name'] = trim($domain['name']); $domain['description'] = trim($domain['description']); $domain['id'] = $id; if ($domain['name'] == '' && $domain['description'] == '') { $SESSION->redirect('?' . $SESSION->get('backto')); } if ($domain['type'] == 'SLAVE') { if (!check_ip($domain['master'])) { $error['master'] = trans('IP address of master NS is required!'); } } else { $domain['master'] = ''; } if ($domain['name'] == '') { $error['name'] = trans('Domain name is required!'); } elseif (!preg_match('/^[a-z0-9._-]+$/', $domain['name'])) { $error['name'] = trans('Domain name contains forbidden characters!'); } elseif ($olddomain != $domain['name'] && GetDomainIdByName($domain['name'])) { $error['name'] = trans('Domain with specified name exists!'); } if ($domain['ownerid'] && $domain['ownerid'] != $oldowner) { $limits = $LMS->GetHostingLimits($domain['ownerid']); if ($limits['domain_limit'] !== NULL) {
if ($search) { while ($row = @da_sql_fetch_array($search, $config)) { $num = 0; $my_nas_name = $row['nasname']; if ($my_nas_name != '') { $nas_list[$my_nas_name]['name'] = $my_nas_name; $nas_server = $da_name_cache[$my_nas_name]; if (!isset($nas_server)) { if (!check_ip($my_nas_name)) { $nas_server = @gethostbyname($my_nas_name); } else { $nas_server = $my_nas_name; } if (!isset($da_name_cache) && $config[general_use_session] == 'yes') { $da_name_cache[$my_nas_name] = $nas_server; session_register('da_name_cache'); } } if ($nas_server != $my_nas_name || check_ip($nas_server)) { $nas_list[$my_nas_name]['ip'] = $nas_server; } $nas_list[$my_nas_name]['port_num'] = $row['ports']; $nas_list[$my_nas_name]['community'] = $row['community']; $nas_list[$my_nas_name]['model'] = $row['description']; } } } } else { echo "<b>Could not connect to SQL database</b><br>\n"; } }
$error['ipaddr'] = trans('Specified IP address doesn\'t overlap with any network!'); else { if (empty($nodedata['netid'])) $nodedata['netid'] = $DB->GetOne('SELECT id FROM networks WHERE INET_ATON(?) & INET_ATON(mask) = address ORDER BY id LIMIT 1', array($nodedata['ipaddr'])); if (!$LMS->IsIPInNetwork($nodedata['ipaddr'], $nodedata['netid'])) $error['ipaddr'] = trans('Specified IP address doesn\'t belong to selected network!'); elseif (!$LMS->IsIPFree($nodedata['ipaddr'], $nodedata['netid'])) $error['ipaddr'] = trans('Specified IP address is in use!'); elseif($LMS->IsIPGateway($nodedata['ipaddr'])) $error['ipaddr'] = trans('Specified IP address is network gateway!'); } if($nodedata['ipaddr_pub']!='0.0.0.0' && $nodedata['ipaddr_pub']!='') { if(!check_ip($nodedata['ipaddr_pub'])) $error['ipaddr_pub'] = trans('Incorrect node IP address!'); elseif(!$LMS->IsIPValid($nodedata['ipaddr_pub'])) $error['ipaddr_pub'] = trans('Specified IP address doesn\'t overlap with any network!'); elseif(!$LMS->IsIPFree($nodedata['ipaddr_pub'])) $error['ipaddr_pub'] = trans('Specified IP address is in use!'); elseif($LMS->IsIPGateway($nodedata['ipaddr_pub'])) $error['ipaddr_pub'] = trans('Specified IP address is network gateway!'); } else $nodedata['ipaddr_pub'] = '0.0.0.0'; $macs = array(); foreach($nodedata['macs'] as $key => $value) if(check_mac($value)) {
if (isset($_POST['set_new_sort']) and $config['allow_change_sort']) { $allowed_sort = array('date', 'rating', 'news_read', 'comm_num', 'title'); $find_sort = str_replace(".", "", totranslit($_POST['set_new_sort'])); $direction_sort = str_replace(".", "", totranslit($_POST['set_direction_sort'])); if (in_array($_POST['dlenewssortby'], $allowed_sort) and stripos($find_sort, "dle_sort_") === 0) { if ($_POST['dledirection'] == "desc" or $_POST['dledirection'] == "asc") { $_SESSION[$find_sort] = $_POST['dlenewssortby']; $_SESSION[$direction_sort] = $_POST['dledirection']; $_SESSION['dle_no_cache'] = "1"; } } } if ($config['allow_registration'] == "yes") { include_once ENGINE_DIR . '/modules/sitelogin.php'; if (isset($banned_info['ip'])) { $blockip = check_ip($banned_info['ip']); } else { $blockip = false; } if ($is_logged and $member_id['banned'] == "yes" or $blockip) { include_once ENGINE_DIR . '/modules/banned.php'; } if ($is_logged) { set_cookie("dle_newpm", $member_id['pm_unread'], 365); if ($member_id['pm_unread'] > intval($_COOKIE['dle_newpm']) and !$smartphone_detected) { include_once ENGINE_DIR . '/modules/pm_alert.php'; } } if ($is_logged and $user_group[$member_id['user_group']]['time_limit']) { if ($member_id['time_limit'] != "" and intval($member_id['time_limit']) < $_TIME) { $db->query("UPDATE " . USERPREFIX . "_users set user_group='{$user_group[$member_id['user_group']]['rid']}', time_limit='' WHERE user_id='{$member_id['user_id']}'");
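/**
 * Initialization check: validates an incoming signed API request.
 *
 * The request is rejected (via ajaxErrReturn(), which presumably ends the
 * request - confirm) unless it carries a nonce and a timestamp in the query
 * string, is a POST, passes check_ip(), is no older than 180 seconds, names a
 * known application, and carries a signature that verifies over the query
 * parameters plus the controller and action names.
 *
 * NOTE(review): nonce_str is only tested for presence here and nothing in this
 * function records it, so protection against a repeated request inside the
 * 180-second window depends on code outside this function - confirm.
 * NOTE(review): only stale timestamps are rejected; a timestamp in the future
 * is not bounded here.
 */
function _initialize()
{
    if (!$_GET['nonce_str']) {
        ajaxErrReturn('随机字符串必须');
    }
    if (!$_GET['time_stamp']) {
        ajaxErrReturn('创建时间戳必须');
    }
    if (!IS_POST) {
        ajaxErrReturn('数据必须');
    }

    // Check whether the request comes from an intranet IP.
    // NOTE(review): check_ip() is defined elsewhere; confirm it derives the
    // address from the connection rather than from client-supplied headers.
    if (!check_ip()) {
        ajaxErrReturn('非内网IP');
    }

    // Signatures are valid for three minutes. The timestamp is read from
    // $_GET, the same source that is signed below, so the value checked for
    // freshness is the value the signature covers ($_REQUEST may also be
    // populated from the POST body or cookies). The cast makes a non-numeric
    // value count as expired instead of raising an arithmetic error.
    if ((int) $_GET['time_stamp'] + 180 < time()) {
        ajaxErrReturn('签名过期');
    }

    $model = D('Api');
    require_once(C('INTERFACE_PATH')."Cache/config.php");
    require_once(C('INTERFACE_PATH')."Cache/lib/core.function.php");
    require_once(C('INTERFACE_PATH')."Cache/lib/md5.function.php");
    require_once(C('INTERFACE_PATH')."Cache/lib/rsa.function.php");

    // Look up the calling application to obtain its key.
    $appid = $_GET['appid'];
    $data['py_name'] = 'cache';
    $data['appid'] = $appid;
    $vo = $model->where($data)->find();
    if (!$vo) {
        ajaxErrReturn('无此应用');
    }
    $appkey = $vo['appkey'];

    // Remove empty values and the signature parameters from the array to be signed.
    $para = $_GET;
    $para['c'] = CONTROLLER_NAME;
    $para['a'] = ACTION_NAME;
    $para_filter = CacheParaFilter($para);

    // Sort the array of parameters to be signed.
    $para_sort = CacheArgSort($para_filter);
    $prestr = CacheCreateLinkstring($para_sort);
    $timestamp = $_GET['time_stamp'];
    $sign = $_POST['sign'];

    // Fail closed: an unrecognised sign_type leaves the result false.
    $result = false;
    switch ($_POST['sign_type']) {
        case 'RSA':
            // NOTE(review): $config is not assigned in this function; it is
            // presumably defined by the Cache/config.php include above, which
            // require_once skips if the file was already loaded - confirm.
            $result = CacheRsaVerify($prestr, $config['public_key_path'], $sign);
            break;
        case 'MD5':
            // NOTE(review): confirm CacheMd5Sign() compares the signatures
            // with a constant-time comparison such as hash_equals().
            $result = CacheMd5Sign($appid, $appkey, $prestr, $timestamp, $sign);
            break;
        case 2:
            $result = CacheMd5Sign($appid, $appkey, $prestr, $timestamp, $sign);
            break;
    }
    //dump($result);exit;
    if (!$result) {
        ajaxErrReturn('验证失败');
    }
}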
// Primary address: must be present, well-formed and inside a known network;
// it may only be "in use" if it is the address this record already holds.
if ($nodeipdata['ipaddr'] == '') {
    $error['ipaddr'] = trans('IP address is required!');
} elseif (!check_ip($nodeipdata['ipaddr'])) {
    $error['ipaddr'] = trans('Incorrect IP address!');
} elseif (!$LMS->IsIPValid($nodeipdata['ipaddr'])) {
    $error['ipaddr'] = trans('Specified address does not belongs to any network!');
} else {
    // No network selected: pick the first network whose address/mask matches.
    // The address is passed as a bound parameter.
    if (empty($nodeipdata['netid'])) {
        $nodeipdata['netid'] = $DB->GetOne('SELECT id FROM networks WHERE INET_ATON(?) & INET_ATON(mask) = address ORDER BY id LIMIT 1', array($nodeipdata['ipaddr']));
    }
    if (
        !$LMS->IsIPFree($nodeipdata['ipaddr'], $nodeipdata['netid'])
        && $LMS->GetNodeIPByID($_GET['ip']) != $nodeipdata['ipaddr']
    ) {
        $error['ipaddr'] = trans('IP address is in use!');
    }
}

// Public address: optional; an empty value is normalised to '0.0.0.0'.
if ($nodeipdata['ipaddr_pub'] == '0.0.0.0' || $nodeipdata['ipaddr_pub'] == '') {
    $nodeipdata['ipaddr_pub'] = '0.0.0.0';
} elseif (!check_ip($nodeipdata['ipaddr_pub'])) {
    $error['ipaddr_pub'] = trans('Incorrect IP address!');
} elseif (!$LMS->IsIPValid($nodeipdata['ipaddr_pub'])) {
    $error['ipaddr_pub'] = trans('Specified IP address doesn\'t overlap with any network!');
} else {
    // Keeping the currently stored public address is not a conflict.
    $ip = $LMS->GetNodePubIPByID($nodeipdata['id']);
    if ($ip != $nodeipdata['ipaddr_pub'] && !$LMS->IsIPFree($nodeipdata['ipaddr_pub'])) {
        $error['ipaddr_pub'] = trans('Specified IP address is in use!');
    }
}

$macs = array();
<?php $top11picks = $_POST['top11']; $write_in_value = $_POST['write_in_value']; $limit = 3; if ($write_in_value) { $limit = $limit - 1; } if (empty($top11picks)) { echo "<div class=\"center error\">You didn't select any songs, please <a href='top11.php'>go back</a> and try again.</div>"; } elseif (count($top11picks) > $limit) { echo "<div class=\"center error\">You selected more than 3 songs, please <a href='top11.php'>go back</a> and select only 3 songs.</div>"; } else { $ip = $_SERVER['REMOTE_ADDR']; //$ip = rand(0, 1000000); if ($by_pass_ip_check || check_ip($ip)) { $count = count($top11picks); for ($i = 0; $i < $count; $i++) { add_top11_plus1($top11picks[$i]); } $firstname = mysql_real_escape_string($_POST['firstname']); $lastname = mysql_real_escape_string($_POST['lastname']); $email = mysql_real_escape_string($_POST['email']); $phone = mysql_real_escape_string($_POST['phone']); $write_in_value = mysql_real_escape_string($_POST['write_in_value']); $contest = $_POST['contest']; $newsletter = $_POST['newsletter']; if ($write_in_value) { write_in($write_in_value); } if ($contest == "yes" && ($email || $phone)) {
$error['dhcpstart'] = trans('IP address for DHCP range start does not match with network address!'); } } if ($netadd['dhcpend'] != '') { if (!check_ip($netadd['dhcpend'])) { $error['dhcpend'] = trans('Incorrect IP address for DHCP range end!'); } elseif (!isipin($netadd['dhcpend'], getnetaddr($netadd['address'], prefix2mask($netadd['prefix'])), prefix2mask($netadd['prefix'])) && $netadd['address'] != '') { $error['dhcpend'] = trans('IP address for DHCP range end does not match with network address!'); } } if (!isset($error['dhcpstart']) && !isset($error['dhcpend'])) { if ($netadd['dhcpstart'] != '' && $netadd['dhcpend'] == '' || $netadd['dhcpstart'] == '' && $netadd['dhcpend'] != '') { $error['dhcpend'] = trans('Both IP addresses for DHCP range are required!'); } if ($netadd['dhcpstart'] != '' && $netadd['dhcpend'] != '' && !(ip_long($netadd['dhcpend']) >= ip_long($netadd['dhcpstart']))) { $error['dhcpend'] = trans('End of DHCP range has to be equal or greater than start!'); } } if ($netadd['ipnat'] != '' && !check_ip($netadd['ipnat'])) { $error['ipnat'] = 'Błędnie podano adres IP'; } if (empty($error)) { $SESSION->redirect('?m=netinfo&id=' . $LMS->NetworkAdd($netadd)); } $SMARTY->assign('error', $error); $SMARTY->assign('netadd', $netadd); } $layout['pagetitle'] = trans('New Network'); $SMARTY->assign('prefixlist', $LMS->GetPrefixList()); $SMARTY->assign('hostlist', $LMS->DB->GetAll('SELECT id, name FROM hosts ORDER BY name')); $SMARTY->display('netadd.html');
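/**
 * Loads one user row and adds display-ready fields to it.
 *
 * The raw row is stored in $this->cache['users'][$id] before any formatting.
 * For the currently authenticated user the last-login date and IP are taken
 * from the auth object. Timestamps are formatted with date(); missing values
 * become '', '******' or '-' depending on the field. Reverse DNS names are
 * resolved only when 'phpui.gethostbyaddr' is enabled and the stored address
 * passes check_ip(); otherwise both the host and the address are shown as '-'.
 *
 * @param int $id user id, passed to the query as a bound parameter
 * @return mixed the decorated row, or the falsy GetRow() result when no row
 *               was found
 */
function GetUserInfo($id)
{
    if ($userinfo = $this->DB->GetRow('SELECT * FROM users WHERE id = ?', array($id))) {
        $this->cache['users'][$id] = $userinfo;

        if ($userinfo['id'] == $this->AUTH->id) {
            $userinfo['lastlogindate'] = $this->AUTH->last;
            $userinfo['lastloginip'] = $this->AUTH->lastip;
        }

        $userinfo['accessfrom'] = $userinfo['accessfrom'] ? date('Y/m/d', $userinfo['accessfrom']) : '';
        // The empty case previously wrote to a misspelled 'accessot' key and
        // left 'accessto' holding the raw unset value.
        $userinfo['accessto'] = $userinfo['accessto'] ? date('Y/m/d', $userinfo['accessto']) : '';

        $userinfo['lastlogin'] = $userinfo['lastlogindate']
            ? date('Y/m/d H:i', $userinfo['lastlogindate'])
            : '******';
        $userinfo['faillogin'] = $userinfo['failedlogindate']
            ? date('Y/m/d H:i', $userinfo['failedlogindate'])
            : '******';
        $userinfo['passwdlastchange'] = $userinfo['passwdlastchange']
            ? date('Y/m/d H:i', $userinfo['passwdlastchange'])
            : '-';

        // The stored address is validated before it is handed to the resolver.
        if (get_conf('phpui.gethostbyaddr') && check_ip($userinfo['lastloginip'])) {
            $userinfo['lastloginhost'] = gethostbyaddr($userinfo['lastloginip']);
        } else {
            $userinfo['lastloginhost'] = '-';
            $userinfo['lastloginip'] = '-';
        }

        if (get_conf('phpui.gethostbyaddr') && check_ip($userinfo['failedloginip'])) {
            $userinfo['failedloginhost'] = gethostbyaddr($userinfo['failedloginip']);
        } else {
            $userinfo['failedloginhost'] = '-';
            $userinfo['failedloginip'] = '-';
        }
    }

    return $userinfo;
}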
if ($netadd['gateway'] != '') { if (!check_ip($netadd['gateway'])) { $error['gateway'] = trans('Incorrect gateway IP address!'); } elseif (!isipin($netadd['gateway'], getnetaddr($netadd['address'], prefix2mask($netadd['prefix'])), prefix2mask($netadd['prefix']))) { $error['gateway'] = trans('Specified gateway address does not match with network address!'); } } if ($netadd['dhcpstart'] != '') { if (!check_ip($netadd['dhcpstart'])) { $error['dhcpstart'] = trans('Incorrect IP address for DHCP range start!'); } elseif (!isipin($netadd['dhcpstart'], getnetaddr($netadd['address'], prefix2mask($netadd['prefix'])), prefix2mask($netadd['prefix'])) && $netadd['address'] != '') { $error['dhcpstart'] = trans('IP address for DHCP range start does not match with network address!'); } } if ($netadd['dhcpend'] != '') { if (!check_ip($netadd['dhcpend'])) { $error['dhcpend'] = trans('Incorrect IP address for DHCP range end!'); } elseif (!isipin($netadd['dhcpend'], getnetaddr($netadd['address'], prefix2mask($netadd['prefix'])), prefix2mask($netadd['prefix'])) && $netadd['address'] != '') { $error['dhcpend'] = trans('IP address for DHCP range end does not match with network address!'); } } if (!isset($error['dhcpstart']) && !isset($error['dhcpend'])) { if ($netadd['dhcpstart'] != '' && $netadd['dhcpend'] == '' || $netadd['dhcpstart'] == '' && $netadd['dhcpend'] != '') { $error['dhcpend'] = trans('Both IP addresses for DHCP range are required!'); } if ($netadd['dhcpstart'] != '' && $netadd['dhcpend'] != '' && !(ip_long($netadd['dhcpend']) >= ip_long($netadd['dhcpstart']))) { $error['dhcpend'] = trans('End of DHCP range has to be equal or greater than start!'); } } if (!empty($netadd['ownerid']) && !$LMS->CustomerExists($netadd['ownerid'])) { $error['ownerid'] = trans('Customer with the specified ID does not exist');
<?php $top11picks = $_POST['top11']; $write_in_value = $_POST['write_in_value']; $limit = 3; if ($write_in_value) { $limit = $limit - 1; } if (empty($top11picks)) { echo "<div class=\"center error\">You didn't select any songs, please <a href='top11.php'>go back</a> and try again.</div>"; } elseif (count($top11picks) > $limit) { echo "<div class=\"center error\">You selected more than 3 songs, please <a href='top11.php'>go back</a> and select only 3 songs.</div>"; } else { $ip = $_SERVER['REMOTE_ADDR']; //$ip = rand(0, 1000000); if ($_SERVER['HTTP_REFERER'] == "http://ynotradio.net/addtop11vote.php" || check_ip($ip) == "true") { $count = count($top11picks); for ($i = 0; $i < $count; $i++) { add_top11_plus1($top11picks[$i]); } $firstname = mysql_real_escape_string($_POST['firstname']); $lastname = mysql_real_escape_string($_POST['lastname']); $email = mysql_real_escape_string($_POST['email']); $phone = mysql_real_escape_string($_POST['phone']); $write_in_value = mysql_real_escape_string($_POST['write_in_value']); $contest = $_POST['contest']; $newsletter = $_POST['newsletter']; if ($write_in_value) { write_in($write_in_value); } if ($contest == "yes" && ($email || $phone)) {
/**
 * Returns log transactions matching the given filters.
 *
 * Filter values reach the query only as bound `?` arguments, appended to
 * $args in the same order as their placeholders are appended to $where.
 * The three fragments concatenated directly into the SQL text are $order
 * (forced to 'ASC' or 'DESC'), $limit and $offset (both intval() results).
 *
 * @param array $params optional keys: key, value, propname, propvalue,
 *                      userid, offset, limit, order, datefrom, dateto,
 *                      resource
 * @return mixed result of DB->GetAll()
 */
function GetTransactions($params)
{
    // Normalise every filter; absent or empty entries fall back to a default.
    $key = isset($params['key']) && !empty($params['key']) ? $params['key'] : '';
    // Only an all-digit value is accepted.
    $value = isset($params['value']) && preg_match('/^[0-9]+$/', $params['value']) ? $params['value'] : '';
    $propname = isset($params['propname']) && !empty($params['propname']) ? $params['propname'] : '';
    $propvalue = isset($params['propvalue']) && !empty($params['propvalue']) ? $params['propvalue'] : '';
    $userid = isset($params['userid']) && !empty($params['userid']) ? intval($params['userid']) : 0;
    $offset = isset($params['offset']) && !empty($params['offset']) ? intval($params['offset']) : 0;
    // NOTE(review): intval() can yield a negative number, which would make the
    // LIMIT/OFFSET clause invalid SQL - confirm callers pass positive values.
    $limit = isset($params['limit']) && !empty($params['limit']) ? intval($params['limit']) : 20;
    // Any value containing "asc" (case-insensitive) selects ascending order.
    $order = isset($params['order']) && preg_match('/ASC/i', $params['order']) ? 'ASC' : 'DESC';
    $datefrom = isset($params['datefrom']) && !empty($params['datefrom']) ? intval($params['datefrom']) : 0;
    $dateto = isset($params['dateto']) && !empty($params['dateto']) ? intval($params['dateto']) : 0;
    $resource = isset($params['resource']) && !empty($params['resource']) ? $params['resource'] : 0;

    // A valid dotted address is converted with ip_long() before matching;
    // presumably the log stores addresses in that numeric form - confirm.
    switch ($propname) {
        case 'ipaddr':
        case 'ipaddr_pub':
            if (check_ip($propvalue)) {
                $propvalue = ip_long($propvalue);
            }
            break;
    }

    $args = array();
    $where = array();
    $joins = array();

    if ($key != '' && strval($value) != '') {
        $joins[] = 'JOIN logmessagekeys lmk ON lmk.logmessageid = lm.id';
        // An empty() value (i.e. '0') switches the comparison to "greater than".
        $where[] = 'lmk.name = ? AND lmk.value ' . (empty($value) ? '>' : '=') . ' ?';
        $args[] = $key;
        $args[] = $value;
    }
    if ($propname != '' && $propvalue != '') {
        $joins[] = 'JOIN logmessagedata lmd ON lmd.logmessageid = lm.id';
        // ?LIKE? is presumably a token the DB layer rewrites to the driver's
        // LIKE operator - confirm. The wildcards are added to the bound value.
        $where[] = 'lmd.name = ? AND lmd.value ?LIKE? ?';
        $args[] = $propname;
        $args[] = '%' . $propvalue . '%';
    }
    if ($resource) {
        $where[] = 'lm.resource = ?';
        $args[] = $resource;
    }
    if ($userid) {
        $where[] = 'lt.userid = ?';
        $args[] = $userid;
    }
    if ($datefrom) {
        $where[] = 'lt.time >= ?';
        $args[] = $datefrom;
    }
    if ($dateto) {
        $where[] = 'lt.time <= ?';
        $args[] = $dateto;
    }

    $trans = $this->DB->GetAll('SELECT DISTINCT lt.id, lt.time, lt.userid, u.login, lt.module FROM logtransactions lt JOIN logmessages lm ON lm.transactionid = lt.id LEFT JOIN users u ON u.id = lt.userid ' . implode(' ', $joins) . (!empty($where) ? ' WHERE ' . implode(' AND ', $where) : '') . ' ORDER BY lt.id ' . $order . ' LIMIT ' . $limit . (!empty($offset) ? ' OFFSET ' . $offset : ''), $args);

    return $trans;
}
} if ($config['offline'] == "yes") { include ENGINE_DIR . '/modules/offline.php'; } if ($user_info['user_delet']) { include ENGINE_DIR . '/modules/profile_delet.php'; } if ($user_info['user_emailed'] == 1) { include ENGINE_DIR . '/modules/profile_disabled.php'; } if ($user_info['user_banpass'] == 1) { include ENGINE_DIR . '/modules/profile_banpass.php'; } $sql_banned = $db->super_query("SELECT * FROM " . PREFIX . "_banned", true, "banned", true); if (isset($sql_banned)) { $blockip = check_ip($sql_banned); } else { $blockip = false; } if ($user_info['user_ban_date'] >= $server_time or $user_info['user_ban_date'] == '0' or $blockip) { include ENGINE_DIR . '/modules/profile_ban.php'; } //Елси юзер залогинен то обновляем последнюю дату посещения в таблице друзей и на личной странице if ($logged) { if (!$user_info['user_lastupdate']) { $user_info['user_lastupdate'] = 1; } //Начисление 3 голосов. if (date('Y-m-d', $user_info['user_lastupdate']) < date('Y-m-d', $server_time)) { $sql_balance = ", user_balance = user_balance+3, user_lastupdate = '{$server_time}'"; }
$domainadd = array(); if (isset($_POST['domainadd'])) { $domainadd = $_POST['domainadd']; $domainadd['name'] = trim($domainadd['name']); $domainadd['description'] = trim($domainadd['description']); $domainadd['master'] = trim($domainadd['master']); if ($domainadd['type'] == 'SLAVE') { if (!check_ip($domainadd['master'])) { $error['master'] = trans('IP address of master NS is required!'); } } else { $domainadd['master'] = ''; if (!check_ip($domainadd['ipwebserver'])) { $error['ipwebserwer'] = trans('IP address of webserver is required!'); } if (!check_ip($domainadd['ipmailserver'])) { $error['ipmailserwer'] = trans('IP address of mailserver is required!'); } } if ($domainadd['name'] == '') { $error['name'] = trans('Domain name is required!'); } else { if ($errorname = check_hostname_fqdn($domainadd['name'], false, true)) { $error['name'] = $errorname; } else { if (GetDomainIdByName($domainadd['name'])) { $error['name'] = trans('Domain with specified name exists!'); } } } if ($domainadd['ownerid']) {
if ($ip != $nodeedit['ipaddr']) { if (!$LMS->IsIPFree($nodeedit['ipaddr'], $nodeedit['netid'])) { $error['ipaddr'] = trans('Specified IP address is in use!'); } elseif ($LMS->IsIPGateway($nodeedit['ipaddr'])) { $error['ipaddr'] = trans('Specified IP address is network gateway!'); } } } } else { $error['ipaddr'] = trans('Specified IP address doesn\'t overlap with any network!'); } } else { $error['ipaddr'] = trans('Incorrect IP address!'); } if ($nodeedit['ipaddr_pub'] != '0.0.0.0' && $nodeedit['ipaddr_pub'] != '') { if (check_ip($nodeedit['ipaddr_pub'])) { if ($LMS->IsIPValid($nodeedit['ipaddr_pub'])) { $ip = $LMS->GetNodePubIPByID($nodeedit['id']); if ($ip != $nodeedit['ipaddr_pub'] && !$LMS->IsIPFree($nodeedit['ipaddr_pub'])) { $error['ipaddr_pub'] = trans('Specified IP address is in use!'); } elseif ($ip != $nodeedit['ipaddr_pub'] && $LMS->IsIPGateway($nodeedit['ipaddr_pub'])) { $error['ipaddr_pub'] = trans('Specified IP address is network gateway!'); } } else { $error['ipaddr_pub'] = trans('Specified IP address doesn\'t overlap with any network!'); } } else { $error['ipaddr_pub'] = trans('Incorrect IP address!'); } } else { $nodeedit['ipaddr_pub'] = '0.0.0.0';
exit; } } if ($clear_fields == 1 || $do_it == 0 && $select_nas == 0) { $selected_nas = $readonly = ''; } else { $readonly = 'readonly'; } $link = @da_sql_pconnect($config); if ($link) { if ($do_it == 1) { $selected_nas = da_sql_escape_string($selected_nas); switch ($action) { case 'check_nas': require_once '../lib/functions.php'; if (!check_ip($selected_nas) && $selected_nas == gethostbyname($selected_nas)) { $msg = "<b>The NAS name <font color=red>is not</font> valid</b><br>\n"; } else { $msg = "<b>The NAS name <font color=green>is</font> valid</b><br>\n"; } break; case 'del_nas': $res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_nas_table']} WHERE nasname = '{$selected_nas}';"); if ($res) { $msg = "<b>NAS '{$selected_nas}' was deleted successfully</b><br>\n"; $selected_nas = ''; } else { $msg = "<b>Error deleting NAS '{$selected_nas}' " . da_sql_error($link, $config) . "</b><br>\n"; } break; case 'add_nas':
/**
 * Function check_security_type
 *
 * Evaluates a non-standard play security setting against the current request.
 * A setting that starts with "http" is handed to check_host() together with
 * the request's Referer header; any other non-empty setting is handed to
 * check_ip() together with REMOTE_ADDR. An empty setting never matches.
 *
 * NOTE(review): the Referer header is supplied by the client, so the
 * check_host() branch is a convenience filter rather than an access control;
 * it is also read without checking that the header is present.
 *
 * @param string $security_setting value of security_setting from play_security_details
 * @return bool result of check_host()/check_ip(), or false for an empty setting
 * @version 1.0
 * @author Patrick Lockley
 */
function check_security_type($security_setting)
{
    if ($security_setting == "") {
        return false;
    }

    $isUrlRule = substr($security_setting, 0, 4) == "http";

    return $isUrlRule
        ? check_host($_SERVER['HTTP_REFERER'], $security_setting)
        : check_ip($_SERVER['REMOTE_ADDR'], $security_setting);
}
if($networkdata['gateway']!='') if(!check_ip($networkdata['gateway'])) $error['gateway'] = trans('Incorrect gateway IP address!'); else if(!isipin($networkdata['gateway'],getnetaddr($networkdata['address'],prefix2mask($networkdata['prefix'])),prefix2mask($networkdata['prefix']))) $error['gateway'] = trans('Specified gateway address does not match with network address!'); if($networkdata['dhcpstart']!='') if(!check_ip($networkdata['dhcpstart'])) $error['dhcpstart'] = trans('Incorrect IP address for DHCP range start!'); else if(!isipin($networkdata['dhcpstart'],getnetaddr($networkdata['address'],prefix2mask($networkdata['prefix'])),prefix2mask($networkdata['prefix'])) && $networkdata['address']!='') $error['dhcpstart'] = trans('IP address for DHCP range start does not match with network address!'); if($networkdata['dhcpend']!='') if(!check_ip($networkdata['dhcpend'])) $error['dhcpend'] = trans('Incorrect IP address for DHCP range end!'); else if(!isipin($networkdata['dhcpend'],getnetaddr($networkdata['address'],prefix2mask($networkdata['prefix'])),prefix2mask($networkdata['prefix'])) && $networkdata['address']!='') $error['dhcpend'] = trans('IP address for DHCP range end does not match with network address!'); if(!isset($error['dhcpstart']) && !isset($error['dhcpend'])) { if(($networkdata['dhcpstart']!='' && $networkdata['dhcpend']=='')||($networkdata['dhcpstart']=='' && $networkdata['dhcpend']!='')) $error['dhcpend'] = trans('Both IP addresses for DHCP range are required!'); if($networkdata['dhcpstart']!='' && $networkdata['dhcpend']!='' && !(ip_long($networkdata['dhcpend']) >= ip_long($networkdata['dhcpstart']))) $error['dhcpend'] = trans('End of DHCP range has to be equal or greater than start!'); } if(!$error) {
/**
 * Converts one logged name/value pair into its display form, in place.
 *
 * $data is taken by reference; only $data['value'] is rewritten. The
 * conversion depends on $data['name'] (and for 'type' on $data['resource']).
 * Afterwards the value is truncated to 50 bytes plus '...' (except for the
 * RES_USER resource) and HTML-escaped.
 *
 * @param array $data reads 'name', 'value' and 'resource'; 'value' is modified
 */
public function DecodeMessageData(&$data)
{
    // Lookup tables defined outside this method.
    global $PERIODS, $PAYTYPES, $LINKTYPES, $LINKSPEEDS;

    switch ($data['name']) {
        // Timestamp fields: non-empty values are formatted as a date.
        case 'datefrom':
        case 'dateto':
        case 'issuedto':
        case 'consentdate':
        case 'time':
        case 'sdate':
        case 'cdate':
            $data['value'] = !empty($data['value']) ? $data['value'] = date('Y.m.d', $data['value']) : $data['value'];
            break;
        // Formatted as a date only when longer than 6 characters.
        case 'at':
            $data['value'] = strlen($data['value']) > 6 ? date('Y.m.d', $data['value']) : $data['value'];
            break;
        case 'period':
            $data['value'] = $PERIODS[$data['value']];
            break;
        case 'paytype':
            $data['value'] = empty($data['value']) ? trans('default') : $PAYTYPES[$data['value']];
            break;
        case 'paytime':
            $data['value'] = $data['value'] == -1 ? trans('default') : $data['value'];
            break;
        // Flag fields: 1 is shown as "yes", anything else as "no".
        case 'invoice':
        case 'issuetoendofyear':
        case 'access':
        case 'warning':
        case 'chkmac':
        case 'halfduplex':
            $data['value'] = $data['value'] == 1 ? trans('yes') : trans('no');
            break;
        case 'type':
            if ($data['resource'] == self::RES_CUST) {
                $data['value'] = empty($data['value']) ? trans('private person') : trans('legal entity');
            } else {
                $data['value'] = $data['value'];
            }
            break;
        // A value that is not already a dotted address is converted with long2ip().
        case 'ipaddr':
            if (!check_ip($data['value'])) {
                $data['value'] = long2ip($data['value']);
            }
            break;
        case 'ipaddr_pub':
            $data['value'] = empty($data['value']) ? trans('none') : long2ip($data['value']);
            break;
        case 'linktype':
            $data['value'] = $LINKTYPES[$data['value']];
            break;
        case 'linkspeed':
            $data['value'] = !empty($data['value']) ? $LINKSPEEDS[$data['value']] : '';
            break;
        case 'port':
            $data['value'] = $data['value'] == 0 ? trans('none') : $data['value'];
            break;
        default:
            $data['value'] = $data['value'];
    }

    // Truncation happens before escaping, so the cut cannot split an HTML entity.
    // NOTE(review): substr() counts bytes; if values are UTF-8 the cut can
    // split a multi-byte character - confirm how htmlspecialchars() below
    // treats the resulting invalid sequence on the deployed PHP version.
    if ($data['resource'] != self::RES_USER && strlen($data['value']) > 50) {
        $data['value'] = substr($data['value'], 0, 50) . '...';
    }

    // Escaped with the default flags; before PHP 8.1 those leave single quotes
    // unescaped - NOTE(review): confirm the value is never rendered inside a
    // single-quoted attribute.
    $data['value'] = htmlspecialchars($data['value']);
    //$data['name'] = trans($data['name']);
}
/**
 * Runs the account and IP watch checks and mails any resulting warnings.
 *
 * check_account() and check_ip('unsafe') each add a subject line when they
 * report a hit. If check_ip('ban') also reports a hit (it is only consulted
 * after the 'unsafe' check did), the warning mail is sent, the session is
 * destroyed, the page is killed with a support message and false is returned.
 * Otherwise the collected warnings, if any, are mailed and nothing is returned.
 *
 * @return false|null false on the 'ban' path, null otherwise
 */
private function securityChecks()
{
    $alerts = array();

    if (check_account()) {
        $alerts[] = 'Connexion d\'un utilisateur surveillé';
    }

    $ipIsWatched = check_ip('unsafe');
    if ($ipIsWatched) {
        $alerts[] = 'Une IP surveillee a tente de se connecter';
    }

    if ($ipIsWatched && check_ip('ban')) {
        // Notify first, then tear the session down and stop the page.
        send_warning_mail(implode(' - ', $alerts));
        $this->destroy();
        Platal::page()->kill('Une erreur est survenue lors de la procédure d\'authentification. ' . 'Merci de contacter au plus vite ' . '<a href="mailto:support@polytechnique.org">support@polytechnique.org</a>');
        return false;
    }

    if (count($alerts) > 0) {
        send_warning_mail(implode(' - ', $alerts));
    }
}
</tr> <tr> <td class="mbox"><?php echo $lang->phrase('admin_member_find_ip_user_match'); ?></td> <td class="mbox"><input type="text" name="username" value="<?php echo $username; ?>" size="35" /></td> </tr> <tr> <td class="ubox" colspan="2" align="center"><input type="submit" value="<?php echo $lang->phrase('admin_member_find'); ?>" /></td> </tr> </table> </form> <?php echo foot(); } elseif ($job == 'iphost') { $ip = $gpc->get('ip', str); if (check_ip($ip)) { $resolvedip = @gethostbyaddr($ip); } if (empty($resolvedip) || $resolvedip == $ip) { $host = '<i>'.$lang->phrase('admin_member_iphost_na').'</i>'; } else { $host = htmlspecialchars($resolvedip); } echo head(); ?> <table align="center" class="border"> <tr> <td class="obox" colspan="2"><?php echo $lang->phrase('admin_member_resolve_ip'); ?></td> </tr> <tr>
/**
 * Action handler for a wiki bulletin board (BBS); dispatches on $options['mode'].
 *
 * Flow, as far as this function shows:
 *  - 'rss': sends an application/xml Content-Type header, prints macro_BBS() and returns.
 *  - Loads config/bbs.<page name>.php when that file exists (merged over
 *    config/bbs.default.php), otherwise config/bbs.default.php alone.
 *  - When the config sets 'allowed_ip' and the mode is edit, delete or new, check_ip() from
 *    lib/checkip.php is called with $_SERVER['REMOTE_ADDR']. A failure only clears $check_ip
 *    and sets a title; the delete and edit branches below are what actually honour it.
 *  - $check_pass becomes true when a non-anonymous user edits a post whose metadata Name
 *    equals $options['id'], or, on a POST for edit/delete, when $options['pass'] matches the
 *    wiki admin password or the board's admin password.
 *  - 'delete' + POST + both checks passed: deletes every space-separated id in
 *    $options['no'] and sends the result page.
 *  - 'comment' + POST with savetext: delegates to $formatter->ajax_repl('comment', ...).
 *  - 'delete' otherwise: prints the password confirmation form.
 *  - 'edit': on POST validates subject/name/homepage, applies the spam filter and saves;
 *    on any validation failure, preview or non-POST request it renders the edit form.
 *  - any other mode: prints macro_BBS() for $options['no'].
 *
 * @param object $formatter Page formatter; used for headers, titles, footers and links.
 * @param array  $options   Request options (mode, no, p, id, pass, savetext, subject, ...).
 * @return void
 *
 * NOTE(review): both admin password checks compare crypt() output with `==`. hash_equals()
 * gives a strict, constant-time comparison.
 * NOTE(review): $options['no'], $options['p'] and $args['subject'|'name'|'email'|'home'] are
 * interpolated into value='...' attributes with no escaping in this function. The subject
 * regex removes a fixed tag list and the name goes through strip_tags(); neither neutralises
 * quote characters. Unless $options is escaped upstream (not visible here), pass these
 * through htmlspecialchars(..., ENT_QUOTES) at output.
 * NOTE(review): the page name is concatenated into the config path handed to
 * _load_php_vars(); confirm page names cannot contain path separators.
 * NOTE(review): the allow-list sees only REMOTE_ADDR; behind a reverse proxy that is
 * presumably the proxy's address. Verify against the deployment.
 * NOTE(review): eregi() no longer exists in PHP 7+. $hidden, $pass_form and $value can be
 * read here without ever having been assigned.
 */
function do_bbs($formatter, $options = array()) { global $DBInfo; $err = ''; $args = array(); if ($options['mode'] == 'rss') { #$formatter->send_header("Content-Type: text/xml",$options); header("Content-Type: application/xml"); print macro_BBS($formatter, '', $options); return; } # load a config file $bname = $formatter->page->name; $conf0 = array(); if (file_exists('config/bbs.' . $bname . '.php')) { $confname = 'bbs.' . $bname . '.php'; $conf0 = _load_php_vars('config/bbs.default.php'); } else { $confname = 'bbs.default.php'; } $conf = _load_php_vars('config/' . $confname); $conf = array_merge($conf0, $conf); # check valid IP $check_ip = true; if ($conf['allowed_ip'] and in_array($options['mode'], array('edit', 'delete', 'new'))) { include_once 'lib/checkip.php'; if (!check_ip($conf['allowed_ip'], $_SERVER['REMOTE_ADDR'])) { $options['title'] = sprintf(_("Your IP address is not allowed to %s at this BBS"), $options["mode"]); $check_ip = false; } } $check_pass = false; $MyBBS = macro_BBS($formatter, '', array('new' => 1)); if ($options['id'] != 'Anonymous' and $options['mode'] == 'edit' and $options['no']) { $body = $MyBBS->getPage($options['no']); if ($body != null) { include_once 'lib/metadata.php'; list($metas, $dummy) = _get_metadata($body); if ($metas['Name'] == $options['id']) { # XXX $check_pass = true; } } } # password check while ($options['no'] and ($options['mode'] == 'delete' or $options['mode'] == 'edit') and $_SERVER['REQUEST_METHOD'] == "POST") { # check admin(WikiMaster) password if (!$check_pass) { if ($DBInfo->admin_passwd) { $check_pass = $DBInfo->admin_passwd == crypt($options['pass'], $DBInfo->admin_passwd); } else { $check_pass = false; } } # check admin(BBSMaster) password if (!$check_pass and $conf['admin_passwd']) { $check_pass = $conf['admin_passwd'] == crypt($options['pass'], $conf['admin_passwd']); } while ($check_ip and $check_pass and $options['mode'] == 'delete') { if (($p = strpos($options['no'], ' ')) !== false) { $nids = 
explode(" ", $options['no']); } else { $nids = array($options['no']); } for ($i = 0, $sz = sizeof($nids); $i < $sz; $i++) { if ($MyBBS->hasPage($nids[$i])) { $MyBBS->deletePage($nids[$i]); } else { $MyBBS->deleteIndex($nids[$i]); } } $query = $options['p'] ? '&p=' . $options['p'] : ''; $myrefresh = ''; if ($DBInfo->use_save_refresh) { $sec = $DBInfo->use_save_refresh - 1; $lnk = $formatter->link_url($formatter->page->urlname, '?' . ($query ? $query : 'action=show')); $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk); } $options['msg'] = _("Successfully deleted."); $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT"); if ($myrefresh) { $header[] = $myrefresh; } $formatter->send_header($header, $options); $formatter->send_title("", "", $options); $formatter->send_footer("", $options); return; } break; } while ($options['mode'] == 'comment' and $options['savetext'] and $_SERVER['REQUEST_METHOD'] == "POST") { $query = 'no=' . $options['no'] . ($options['p'] ? '&p=' . $options['p'] : ''); $myrefresh = ''; if ($DBInfo->use_save_refresh) { $sec = $DBInfo->use_save_refresh - 1; $lnk = $formatter->link_url($formatter->page->urlname, '?' . $query); $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk); } $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT"); if ($myrefresh) { $header[] = $myrefresh; } $p = new WikiPage($options['page'] . ':' . $options['no'], $options); $formatter->page = $p; $options['page'] = $options['page'] . ':' . 
$options['no']; $options['minor'] = 1; # do not log $formatter->send_header($header, $options); $options['action_mode'] = 'ajax'; $options['call'] = 1; $ret = $formatter->ajax_repl('comment', $options); if ($ret == false) { $options['msg'] = _("Fail to post comment."); } unset($options['action_mode']); $formatter->send_title("", "", $options); $formatter->send_footer("", $options); return; break; } if ($options['mode'] == 'delete') { $msg = sprintf(_("The article %s will be deleted."), $options['no']); $url = $formatter->link_url($formatter->page->urlname, ''); $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT"); $formatter->send_header($header, $options); $formatter->send_title("", "", $options); print <<<EOF <div class='deleteDialog'> <form method='post' action='{$url}' > <strong>{$msg}</strong> <table border='0' width='20%'> <tbody> <tr><th>Password:</th><td><input type='password' style="width:200px" name='pass' /></td></tr> </tbody> </table> <input type='hidden' name='no' value='{$options['no']}' /> <input type='hidden' name='p' value='{$options['p']}' /> <input type='hidden' name='action' value='bbs' /> <input type='hidden' name='mode' value='delete' /> </form> </div> EOF; $formatter->send_footer("", $options); return; } else { if ($options['mode'] == 'edit') { $button_preview = $options['button_preview']; while ($_SERVER['REQUEST_METHOD'] == "POST") { $savetext = $options['savetext']; $datestamp = $options['datestamp']; $subject = $options['subject']; # strip some tags from the subject $subject = preg_replace("%</?(marquee|embed|object|script|form|frame|iframe|img|a|)[^>]*>%", '', $subject); $args['subject'] = _stripslashes($subject); if ($options['id'] == 'Anonymous') { $name = $options['name']; $name = strip_tags($name); $pass = $options['pass']; $home = $options['homepage']; # check a homepage address if (!empty($home)) { if (!preg_match('/^((ftp|http|news):\\/\\/)[a-z0-9][a-z0-9_\\-]+\\.[a-z0-9\\-\\.]+.*/', $home)) { $options['msg'] = 
_("Invalid HomePage address."); break; } else { if (!eregi("^(ftp|http|news):\\/\\/", $home)) { $home = "http://" . $home; } } } # check email address $email = $options['email']; $args['name'] = _stripslashes($name); $args['pass'] = _stripslashes($pass); $args['home'] = _stripslashes($home); $args['email'] = _stripslashes($email); if (!$name) { $options['msg'] = _("No Name error."); break; } } else { $args['name'] = $options['id']; } $args['no'] = $options['no'] ? $options['no'] : 0; if ($options['no'] and !$check_pass) { break; } # edit mode if (!$check_ip) { break; } # not allowed IPs if (!$args['subject'] or !$savetext) { $options['msg'] = _("No Subject error."); break; } if ($button_preview) { break; } $savetext = preg_replace("/\r\n|\r/", "\n", $savetext); if ($savetext and $DBInfo->spam_filter) { $text = $savetext; $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter); foreach ($fts as $ft) { $text = $formatter->filter_repl($ft, $text, $options); } if ($text != $savetext) { $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki."); break; } } $savetext = rtrim($savetext) . "\n"; $args['text'] = _stripslashes($savetext); $MyBBS = macro_BBS($formatter, '', array('new' => 1)); $myrefresh = ''; if ($DBInfo->use_save_refresh) { $sec = $DBInfo->use_save_refresh - 1; $lnk = $formatter->link_url($formatter->page->urlname, "?action=show"); $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk); } $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . 
" GMT"); $options['msg'] = _("New post added successfully"); if ($myrefresh) { $header[] = $myrefresh; } $formatter->send_header($header, $options); $formatter->send_title("", "", $options); if ($MyBBS->use_attach) { # XXX $args['call'] = 1; $lists = array(); $lists = $formatter->macro_repl('Attachments', '', $args); unset($args['call']); if (!empty($lists)) { $args['attach'] = $lists; } } $MyBBS->savePage($args); $formatter->send_footer("", $options); return; } #print _bbs_edit_form(); #print macro_BBSForm($formatter); $formatter->send_header("", $options); $formatter->send_title("", "", $options); if ($options['savetext']) { $formatter->_raw_body = $options['savetext']; if ($options['no']) { $hidden = "<input type='hidden' name='no' value='{$options['no']}' />\n" . "<input type='hidden' name='p' value='{$options['p']}' />"; } } else { if ($options['no']) { $MyBBS = macro_BBS($formatter, '', array('new' => 1)); $nid = $options['no']; if ($nid and $MyBBS->hasPage($nid)) { $fields = array('Name', 'Subject', 'Date', 'Email', 'HomePage', 'IP', 'Keywords'); include_once 'lib/metadata.php'; $body = $MyBBS->getPage($nid); $boundary = strtoupper(md5("COMMENT")); # XXX list($body, $comments) = explode('----' . $boundary . "\n", $body, 2); # XXX if ($body != null) { list($metas, $nbody) = _get_metadata($body); if ($nbody) { $body = $nbody; } $args['name'] = $metas['Name']; $args['subject'] = $metas['Subject']; $args['home'] = $metas['HomePage']; $args['email'] = $metas['Email']; $args['text'] = $body; $formatter->_raw_body = $body; $hidden = "<input type='hidden' name='no' value='{$nid}' />\n" . 
"<input type='hidden' name='p' value='{$options['p']}' />"; } } } else { $formatter->_raw_body = ""; } } if ($options['id'] == 'Anonymous') { $formatter->_extra_form = <<<EOF <div> <table border='0' width='100%'> <col width='10%' /><col width='10%' /><col width='10%' /><col width='70%' /> <tbody> <tr><th>Subject:</th><td colspan='3'><input type='text' style="width:80%" name='subject' value='{$args['subject']}' /></td></tr> <tr><th>Name:</th><td><input type='text' name='name' value='{$args['name']}' /></td> <th>Password:</th><td><input type='password' name='pass' /></td></tr> <tr><th>Email:</th><td colspan='3'><input type='text' style="width:50%" name='email' value='{$args['email']}' /></td></tr> <tr><th>HomePage:</th><td colspan='3'><input type='text'style="width:50%" name='homepage' value='{$args['home']}' /></td></tr> </tbody> </table> {$hidden} </div> EOF; } else { if (!$check_pass and !empty($options['no']) and $options['mode'] == 'edit') { $pass_form = "<tr><th>Password:</th><td><input type='password' name='pass' /></td></tr>"; } $formatter->_extra_form = <<<EOF <div> <table border='0' width='100%'> <col width='20%' /><col width='80%' /> <tbody> <tr><th>Subject:</th><td><input type='text' style="width:80%" name='subject' value='{$args['subject']}' /></td></tr> {$pass_form} </tbody> </table> {$hidden} </div> EOF; } $formatter->_mtime = 0; $options['simple'] = 2; $options['nocategories'] = 1; $options['minor'] = 1; # do not show a minor checkbox print macro_EditText($formatter, $value, $options); $formatter->_raw_body = null; $formatter->_extra_form = null; } else { $formatter->send_header("", $options); $formatter->send_title("", "", $options); print macro_BBS($formatter, 'no=' . $options['no']); } } $formatter->send_footer("", $options); return; }
/**
 * Logs the request IP together with a randomly chosen "open"/"blocked" status.
 *
 * The status is picked with array_rand(), not derived from any real check.
 * On "open" the request IP is returned. On "blocked" the Tor controller
 * connection is closed when one is present and check_ip() is called again.
 *
 * NOTE(review): the trailing check_ip() call is an unqualified function call, so it resolves
 * to a function of that name rather than to this method, and its result is discarded. The
 * "blocked" path therefore returns nothing. Confirm whether $this->check_ip() was meant.
 *
 * @return string|null The request IP on "open"; no value on "blocked".
 */
public function check_ip()
{
    $torControl = (new ScraperController())->torNew();
    $ip = \Request::ip();

    $states = array("open", "blocked");
    $status = $states[array_rand($states, 1)];
    \Log::info($ip . ":" . $status);

    if ($status != 'blocked') {
        return $ip;
    }

    \Log::info("Gaining new tor identity");
    if (isset($torControl->connected)) {
        $torControl->quit();
    }
    check_ip();
}
} else { die("Language file not found"); } } else { @(include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng'); } $config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset']; $is_logged = false; $member_id = array(); if ($config['allow_registration'] == "yes") { require_once ENGINE_DIR . '/modules/sitelogin.php'; } if (!$is_logged) { $member_id['user_group'] = 5; } if (check_ip($banned_info['ip'])) { die("error"); } $tpl = new dle_template(); $tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin']; define('TEMPLATE_DIR', $tpl->dir); $ajax_adds = true; $_POST['name'] = convert_unicode($_POST['name'], $config['charset']); $_POST['mail'] = convert_unicode($_POST['mail'], $config['charset']); $_POST['comments'] = convert_unicode($_POST['comments'], $config['charset']); $_POST['question_answer'] = convert_unicode($_POST['question_answer'], $config['charset']); require_once ENGINE_DIR . '/modules/addcomments.php'; if ($CN_HALT != TRUE) { include_once ENGINE_DIR . '/classes/comments.class.php'; $comments = new DLE_Comments($db, 1, 1); $comments->query = "SELECT " . PREFIX . "_comments.id, post_id, " . PREFIX . "_comments.user_id, date, autor as gast_name, " . PREFIX . "_comments.email as gast_email, text, ip, is_register, name, " . USERPREFIX . "_users.email, news_num, comm_num, user_group, lastdate, reg_date, signature, foto, fullname, land, icq, xfields FROM " . PREFIX . "_comments LEFT JOIN " . USERPREFIX . "_users ON " . PREFIX . "_comments.user_id=" . USERPREFIX . "_users.user_id WHERE " . PREFIX . "_comments.post_id = '{$post_id}' order by id DESC";